← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
ClickFix campaign uses fake macOS utilities lures to deliver infostealers
WHITE MarinaDiamandis 2026-05-11 Modified: 2026-05-11
80
IOCs
HIGH VOLUME
Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration, threat actors attempt to take advantage of users who are looking for helpful advice on macOS-related issues (for example, optimizing their disk space) in blog sites and other user-driven content platforms by hosting their malicious commands in these sites.
Indicators of Compromise (4 / 80 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 22d051c9cc458012b98e9bdca501759e MD5 of a2421f7fd4be6b12382150033507af7aa8bf6241 2026-05-11
FileHash-MD5 6bdc50f8fd33068331e16766fd5f3b63 MD5 of 241a50befcf5c1aa6dab79664e2ba9cb373cc351cb9de9c3699fd2ecb2afab05 2026-05-11
FileHash-MD5 8a43b2d626ad00289053ab73374bbc2b MD5 of 7ca42f1f23dbdc9427c9f135815bb74708a7494ea78df1fbc0fc348ba2a161ae 2026-05-11
FileHash-MD5 8bfa2df2110c38dff2359a416ce14693 MD5 of 5144bf4e32c5832c426ad3da55d45f026f66bc95 2026-05-11
References (1)
↗ https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/